
23 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-4350

Malware in sbrugna...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00063
Exploits: 0 | References: 3

NVD
added 2022/02/11 2:15 a.m., 10 views

CVE-2022-24954

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings...

CVSS: 9.8 | EPSS: 0.00897
Exploits: 1 | References: 2

Prion
added 2022/02/11 2:15 a.m., 12 views

Stack overflow

Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.00897
Exploits: 1 | References: 2 | Affected Software: 2

Microsoft KB
added 2021/10/05 12:0 a.m., 3 views

October 5, 2021, update for Access 2016 (KB5001978)

This article describes update 5001978 for Microsoft Access 2016 that was released on October 5, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...

AI score: 6.3
Exploits: 0

NVD
added 2019/08/05 1:15 a.m., 12 views

CVE-2019-14654

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.00453
Exploits: 0 | References: 1

Prion
added 2019/08/05 1:15 a.m., 12 views

Remote code execution

In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.00453
Exploits: 0 | References: 1 | Affected Software: 1

Joomla! Vulnerable Extensions List
added 2019/06/20 12:0 a.m., 33 views

[20190701] - Core - Filter attribute in subform fields allows remote code execution

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.00453
Exploits: 0 | Affected Software: 1

NVD
added 2019/06/11 7:29 p.m., 9 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00063
Exploits: 0 | References: 2

OSV
added 2019/06/11 7:29 p.m., 8 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

CVSS: 6.1 | AI score: 5.9
Exploits: 0 | References: 2

Prion
added 2019/06/11 7:29 p.m., 11 views

Design/Logic Flaw

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00063
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/06/11 6:36 p.m., 9 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

AI score: 6.5 | EPSS: 0.00063
Exploits: 0 | References: 2

Positive Technologies
added 2019/06/11 12:0 a.m., 2 views

PT-2019-12933 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.7 Description: An issue was discovered where the subform fieldtype does not sufficiently filter or validate input of subfields, leading to XSS attack vectors. Recommendations: For versions prior to 3.9.7, update ...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00063
Exploits: 0 | References: 5

Joomla! Vulnerable Extensions List
added 2019/01/01 12:0 a.m., 77 views

[20190602] - Core - XSS in subform field

The subform fieldtype does not sufficiently filter or validate input of subfields, this leads to XSS attack vectors...

CVSS: 6.1 | AI score: 3.5 | EPSS: 0.00063
Exploits: 0 | Affected Software: 1

OSV
added 2018/05/17 3:29 p.m., 0 views

CVE-2018-9937

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00223
Exploits: 0 | References: 2

Prion
added 2018/05/17 3:29 p.m., 12 views

Type confusion

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.00223
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2018/05/17 3:0 p.m., 48 views

CVE-2018-9937

Foxit Reader 9.0.0.29935 is affected by a vulnerability in the XFA subform parsing that can lead to remote code execution via type confusion when a user opens a malicious page or file. The flaw arises from improper validation of user-supplied data in subform elements, allowing an attacker to run ...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00223
Exploits: 0 | References: 2 | Affected Software: 2

Zero Day Initiative
added 2018/05/15 12:0 a.m., 21 views

Adobe Acrobat Pro DC XFA SubForm Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS: 6.8 | AI score: 2.1 | EPSS: 0.03132
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/05/15 12:0 a.m., 26 views

Acrobat Reader DC XFA Subform Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS: 6.8 | AI score: 1.9 | EPSS: 0.0222
Exploits: 0 | References: 1

CNVD
added 2018/04/28 12:0 a.m., 1 view

Foxit Reader XFA subform remote code execution vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA subform element, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00223
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/04/20 12:0 a.m., 18 views

Foxit Reader XFA subform Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS: 6.8 | AI score: 4.8 | EPSS: 0.00223
Exploits: 0 | References: 1